Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid

Is the 'Perl Community' naive and/or stupid?

by mojotoad (Monsignor)
on Dec 08, 2005 at 09:50 UTC ( #515179=perlmeditation: print w/replies, xml ) Need Help??

I don't have much to add to this: Attack on Perl or Perl's need better PR (again)

What I do have is a question. Is the sudden sprouting of these (several, on more or less the same day) articles:

  1. misinformed meme that got promulgated along various blurburgitators, or
  2. a coordinated smear campaign (who? follow the, 'street cred')

Either option is interesting to me.


Update:: The point is 'who stands to benefit'. I don't have the answer, but patterns like this stand out. Why?

Update 2: No, I don't think the dates correspond to some sort of 'Perl Harbor'. Maybe a Perl Harbinger.

  • Comment on Is the 'Perl Community' naive and/or stupid?

Replies are listed 'Best First'.
Re: Is the 'Perl Community' naive and/or stupid?
by fergal (Chaplain) on Dec 08, 2005 at 11:13 UTC

    Perl's sprintf had a bug that can cause buffer overflow and therefore execution of arbitrary code. A particular actual real live vulnerability due to this exists in webmin. So although many of the "blurblurgitators" probably are misinformed to some extent, there was a real security hole in perl.

    I also don't think it was a coordinated smear campaign. There are plenty of people who'll gloat and cheer at a hole found in rival language - no need for coordination :).

Re: Is the 'Perl Community' naive and/or stupid?
by gjb (Vicar) on Dec 08, 2005 at 12:26 UTC

    The coincidence of several such articles is probably also caused by the fact that journalists have to earn a living, i.e. they have to cover the news. If the news happens to be that there's a vulnerability in X than it is reported by a number of news channels, each -- at best, although usually not -- trying to give it an original spin.

    Take a totally unrelated example: if Bush visits the UK, then this will be reported by the BBC, but also by about every American channel and the majority of European ones. It will even be mentioned in passing in the rest of the world. Is this a conspiracy? I think not ;)

    Just my 2 cents, -gjb-

Re: Is the 'Perl Community' naive and/or stupid?
by perrin (Chancellor) on Dec 08, 2005 at 13:55 UTC
    Security holes are a pretty good story. The story would most likely be getting a lot more press if it was Java.
Re: Is the 'Perl Community' naive and/or stupid?
by radiantmatrix (Parson) on Dec 08, 2005 at 15:27 UTC

    Who stands to benefit? News agencies and advertisers. News gets reported, and any kind of suggestion of scandal or fear ("Perl is insecure, run!!!") gets readers. More readers bring higher advertising dollars.

    We see the fallout on PM because the press created a situation where this story got a high public profile. It's in the forefront of many people's minds, who have many different agendas. At least some segment of those people will pimp themselves on a forum dedicated to discussing Perl.

    I wouldn't read much more into it than human nature suggets. Who was it that said 'never attribute to malice that which can be adequately explained by ignorance' (or something like that)?

    A collection of thoughts and links from the minds of geeks
    The Code that can be seen is not the true Code
    "In any sufficiently large group of people, most are idiots" - Kaa's Law

      You asked ... so I looked for it. Best I could find was Hanlon's Razor saying, "Never attribute to malice that which is adequately explained by stupidity." Ignorance and stupidity aren't quite the same thing, but are probably close enough for this purpose.

      Most likely you're right. When assigning blame, one should look for intent. What is the intent of these journalists? Most likely, their intent is to hit a deadline to sell advertising. Nothing malicious about that, although they may do so recklessly without regard for how much of the truth they explore in their stories. The idea that they write these stories trying to do damage to the Perl community is plausible, but highly unlikely.

      As for the "high public profile" - I imagine there will be very little fallout from this. Even Microsoft gets very little fallout from all their emergency patches they were sending out as the world still is primarily Windows, IE, and Word, and those were much more pervasive, exploited, and visible problems than this one. Six months from now, no more than a couple dozen people will even remember it - probably not even the journalists that wrote about it.

      That's not to say that P5P isn't doing a fabulous job in solving the underlying problem for 5.8.8, nor to say that they shouldn't bother. Security threats are serious, and should be taken as such. Just that most people don't seem to treat them that way, and it'll just be a fog in their memory in the not-too-distant future.

Re: Is the 'Perl Community' naive and/or stupid?
by spiritway (Vicar) on Dec 09, 2005 at 06:03 UTC

    Never ascribe to malice, that which is adequately explained by stupidity.

    -Napoleon Bonaparte

    I think in this case, a certain lack of thought, coupled with some lack of understanding of the Perl language, is enough to explain this "news". Oh, and one writer parroting another...

    UPDATE: Dang, I hadn't seen Tanktalus's reference to Hanlon's Razor. Sorry 'bout that...

Re: Is the 'Perl Community' naive and/or stupid?
by belg4mit (Prior) on Dec 13, 2005 at 02:09 UTC
    FYI the article was retitled "Danger level rises for Perl app flaws" on: November 30, 2005, 8:50 AM PST, 13 hours and 2 comments after being posted.

    In Bob We Trust, All Others Bring Data.

      Not initially, however. It was edited after someone got in touch with them (I donít remember who or where it was mentioned; might have been the TPF weblog).

      Makeshifts last the longest.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlmeditation [id://515179]
Approved by marto
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (4)
As of 2021-02-26 15:24 GMT
Find Nodes?
    Voting Booth?

    No recent polls found